How Google/Firefox Geolocation API works
Thursday, July 23, 2009 3:23:07 AM
Currently, both Google Chrome (with Google Gears) and Mozilla Firefox 3.5 support the geolocation API.
Trying it out
Go to Google Maps and click on the little button right above the street-view icon (right above the zoom slider). The browser will ask permission before giving geolocation information to the site. Then your location is magically marked on Google Maps.
How the hell does it know my location?
Researching...
Looking at Geolocation API Network Protocol, I see that information about nearby Wi-Fi and cellphone towers is sent to the geolocation service provider, which will return a location based on such info. Since this is a notebook and it has no cellphone connectivity, I suppose the only available info is about Wi-Fi access points.
But... Wait! Does the browser (or even the web application) have access to available Wi-Fi networks? It's weird, it's scary, but the answer is: yes! If you go to test-geolocation with a Gears-enabled browser, you will see that the webpage can grab information about available Wi-Fi access points.
Anyway, the geolocation API uses the Wi-Fi access points behind the scenes. If the web application uses the geolocation API, it receives just the coordinates. All the details about how those coordinates are calculated are completely hidden from the end-user (or the application).
So... If it uses Wi-Fi to find out the location, what happens if I disable Wi-Fi on my notebook and connect to the Internet using the good old ethernet cable? Testing... Hmm... It doesn't know anymore where I am!
My next step is to find out what service it uses for resolving the location, based on Wi-Fi networks. I've written a simple geolocation JavaScript for test purposes. Actually, I copied the code from another example and cut away all extra parts. This code is available at the Simple geolocation experiment page. It only works on Firefox, but that's enough for my tests.
Now I open Wireshark and start capturing packets. Then I click on "Find me!" on that test page. Now I go back to Wireshark and start to analyze the packets... Damn it! The data is sent over a secure connection (HTTPS)! I can't read the contents! Time for more research...
After a little while, I found something interesting. Obviously, the URL for the geolocation resolver is not hard-coded inside the browser: it is available at about:config in Firefox. Just look for geo.wifi.uri.
Time for more experiments... The default value for geo.wifi.uri is https://www.google.com/loc/json. Let me change that https to http and try again, while capturing packets using Wireshark... Success!
Conclusions
The browser sends a POST request with a very simple JSON body containing just two properties: "version":"1.1.0" and "wifi_towers". Each entry in the list of Wi-Fi access points carries the following details: "mac_address", "ssid" and "signal_strength". In my case, two access points were sent.
The response is also in JSON format, containing two properties: "location" and "access_token". The location itself is composed of three properties: "latitude", "longitude" and "accuracy".
Update 2010-02-19: An anonymous user shared the link to the Google Geolocation API Network Protocol.
There are only two Wi-Fi networks here: one is my own ad-hoc network and the other one is probably from some neighbor (who is probably called "Walter"). Thus, I wanted to find out whether Google knows about the location of my Wi-Fi (which would be insanely scary) or whether it only knows about "Walter Wi-Fi Network". For this purpose, I wrote a simple Python script:
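import sys
import urllib2  # Python 2 standard library

url = "https://www.google.com/loc/json"
# Paste the JSON request body captured from Firefox here.
data = """INSERT YOUR JSON DATA HERE"""
# Passing data makes urlopen() send a POST request.
output = urllib2.urlopen(url, data).read()
sys.stdout.write(output)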
In data, I pasted the exact JSON that Firefox sends to Google, but removed my Wi-Fi from that list (leaving only the neighbor's Wi-Fi on that list). After running the script, I got the same response that I got in Firefox. This means that Google knows exactly where "Walter Wi-Fi Network" is located. Then, I removed the neighbor's network and put my own network back. What happened? I got an empty JSON response. This means Google does not know about my network... yet?
But the question remains: how the hell does Google know the exact geolocation of my neighbor's Wi-Fi?
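The request and response formats listed under Conclusions, and the one-network-at-a-time test described above, as an added offline example that is not the author's script. The access-point values, the coordinates and `fake_resolver` are constructed stand-ins, and nothing is sent to any real service.

```python
import json

PROTOCOL_VERSION = "1.1.0"  # the value the post observed in Firefox's request

def build_request(access_points):
    """Serialize the request body: "version" plus a "wifi_towers" list."""
    towers = [
        {"mac_address": ap["mac_address"],
         "ssid": ap["ssid"],
         "signal_strength": ap["signal_strength"]}
        for ap in access_points
    ]
    return json.dumps({"version": PROTOCOL_VERSION, "wifi_towers": towers})

def parse_response(body):
    """Return (latitude, longitude, accuracy), or None for an empty reply."""
    location = json.loads(body).get("location")
    if not location:
        return None
    return (location["latitude"], location["longitude"], location["accuracy"])

def known_access_points(access_points, resolver):
    """Query each access point alone; return the MACs that resolve on their own."""
    known = []
    for ap in access_points:
        if parse_response(resolver(build_request([ap]))) is not None:
            known.append(ap["mac_address"])
    return known

# Constructed sample data: MAC addresses, SSIDs and signal values are made up.
SAMPLE_APS = [
    {"mac_address": "00-11-22-33-44-55", "ssid": "my-adhoc", "signal_strength": -40},
    {"mac_address": "66-77-88-99-aa-bb", "ssid": "Walter", "signal_strength": -70},
]

def fake_resolver(request_body):
    """Hypothetical offline stand-in for the service: knows exactly one network."""
    macs = {t["mac_address"] for t in json.loads(request_body)["wifi_towers"]}
    if "66-77-88-99-aa-bb" in macs:
        return json.dumps({
            "location": {"latitude": 10.0, "longitude": 20.0, "accuracy": 150.0},
            "access_token": "constructed-token",
        })
    return "{}"  # the empty JSON response the post got for an unknown network

if __name__ == "__main__":
    print(build_request(SAMPLE_APS))
    print(known_access_points(SAMPLE_APS, fake_resolver))
```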
Dan Alexandru (dantesoft) # Friday, July 24, 2009 10:31:41 AM
Anonymous # Monday, August 3, 2009 10:50:45 AM
Anonymous # Monday, August 3, 2009 11:08:21 AM
Denilson Figueiredo de Sá (CrazyTerabyte) # Monday, August 3, 2009 5:38:52 PM
HTTP data can be compressed.
http://en.wikipedia.org/wiki/HTTP_compression
The urllib2 module from the Python example in my post automatically handles that.
Mad Scientist (qlue) # Friday, August 14, 2009 2:42:30 AM
Signal strength is also part of the equation.
Anonymous # Thursday, December 3, 2009 1:58:58 AM
Anonymous # Friday, February 19, 2010 1:00:31 AM
Anonymous # Wednesday, March 3, 2010 6:16:45 PM
Anonymous # Wednesday, April 21, 2010 6:41:36 AM
Mad Scientist (qlue) # Wednesday, April 21, 2010 10:02:25 AM
There is no white hat use for such activities.
Anonymous # Thursday, April 22, 2010 6:00:59 PM
Denilson Figueiredo de Sá (CrazyTerabyte) # Thursday, April 22, 2010 6:12:46 PM
Although Street View might collect WLAN SSIDs, that's not the case here. What's more, such data would become obsolete very fast.
Anonymous # Thursday, October 14, 2010 8:08:07 AM
Anonymous # Monday, April 4, 2011 10:37:35 PM
Denilson Figueiredo de Sá (CrazyTerabyte) # Tuesday, April 5, 2011 2:00:50 AM
I suggest you look up the official documentation for this API to find out exactly how to use it.